4065 matches found
SUSE CVE-2015-6918
salt before 2015.5.5 leaks git usernames and passwords to the log...
SUSE CVE-2015-6941
winuseradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs...
SUSE CVE-2015-7194
Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted ZIP archive...
SUSE CVE-2015-7976
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename...
SUSE CVE-2015-8385
PCRE before 8.38 mishandles the /?|\k'Pm'|?'Pm'/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript...
SUSE CVE-2015-8392
PCRE before 8.38 mishandles certain instances of the ?| substring, which allows remote attackers to cause a denial of service unintended recursion and buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...
SUSE CVE-2015-8407
Stack-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute...
SUSE CVE-2015-8466
Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header...
SUSE CVE-2015-8556
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1...
SUSE CVE-2015-8894
Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service application crash via a crafted tga file...
SUSE CVE-2015-9252
An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc...
SUSE CVE-2015-9275
ARC 5.21q allows directory traversal via a full pathname in an archive file...
SUSE CVE-2016-0597
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer...
SUSE CVE-2016-0600
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB...
SUSE CVE-2016-0746
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service worker process crash or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing...
SUSE CVE-2016-1654
The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service invalid read operation via unknown vectors...
SUSE CVE-2016-1669
The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impa...
SUSE CVE-2016-1924
The opjtgtreset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted JPEG 2000 image...
SUSE CVE-2016-1967
Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls aft...
SUSE CVE-2016-2141
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information...